persónuverndarlögum
Persónuverndarlög are Icelandic laws governing the processing of personal data and the protection of privacy. In Iceland, these laws implement and align with the EU General Data Protection Regulation (GDPR) through national legislation, reflecting Iceland’s status in the European Economic Area. The rules apply to both public authorities and private entities that handle personal data, and the oversight body is the Data Protection Authority, known as Persónuvernd.
The legislation rests on core principles: processing must be lawful, fair and transparent; data is collected
Data subjects have a set of rights under the laws, including access to their data, rectification, erasure
Enforcement and remedies include obligations to report data breaches to Persónuvernd promptly (and to inform affected